Cloud Services: Security, Compliance and an Insurance model
Speakers: Dipankar Dasgupta
Topic(s): Cloud and Information Retrieval, Education, Security & Information Protection
As cloud services move into the mainstream to meet major computing needs, ownership and chain of custody of customer data are becoming primary responsibilities of providers. The 3 fundamental cloud service models form a hierarchy, with Software-as-a-Service (SaaS) on top of Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) on the bottom. While security requirements are essential for all service models, the degree of defensive measures varies between them. Compliance in each sector requires specific protections for online data, such as Transparency, Respect for Context, Security, Focused Collection, Accountability, Access and Accuracy. For example, HIPAA (Health Insurance Portability and Accountability Act) requires insurance portability, administrative simplification and fraud enforcement, such as privacy and security. Another example, PCI-DSS compliance, was set up to improve the information security of financial transactions related to credit and debit cards. GLBA (Gramm-Leach-Bliley Act) compliance requires analyzing the risks before moving customer information into emerging technology models.
This talk will cover various aspects of cloud computing (opportunities, issues, and challenges), the market view of cloud computing in government, public sectors, and security, as well as compliance issues and implications. We developed an insurance framework called MEGHNAD for estimating security coverage based on the type of cloud service and the level of security assurance required. This security coverage estimator may be useful to cloud providers (offering Security as a Service), cloud adopters, and cloud insurers who want to incorporate or market cloud security insurance. The framework allows the user/operator to choose a cloud service (such as SaaS, PaaS, IaaS) and enter other pertinent information in order to determine the appropriate level of security insurance coverage. The tool can generate an SLA (Service Level Agreement) document for the organization, to help it identify the services required from the vendor in order to certify compliance within its industry structure.
About this Lecture
Number of Slides: 60
Duration: 90 minutes
Languages Available: English
Last Updated: 10-06-2014